Everything posted by akkiliON
-
Exploit: *.att.com - Cross-Site-Scripting Reflected Site link: att.com Reported PoC:
-
I received the message last week.
-
I don't understand where I have to send the bank details. Do I have to reply to them with all the details on that message I received regarding the reward?
-
Yeah. Totally lame!
-
Look how much I got, too.
-
https://www.youtube.com/watch?v=sqPnpDDNoow
-
It was something like this to get past = : +{string:alert} . I'm on my phone right now and can't write that much...
-
Microsoft and Facebook offer prizes to well-behaved hackers
akkiliON replied to Nytro's topic in Stiri securitate
eBay doesn't offer money. They only have a HOF.
-
On Tuesday, the Washington Post revealed a few more NSA slides released by Edward Snowden, which revealed that the spy agency NSA was infiltrating the private data links between Google and Yahoo data centers as part of a program called.

Chairman and former CEO of Google Eric Schmidt says the company's executives are shocked by allegations that the National Security Agency has been collecting data from the search engine's servers. "It's really outrageous that the NSA was looking between the Google data centers, if that's true," he said.

Overnight, two Google security engineers, Mike Hearn and Brandon Downey, expressed reasonable anger about the news on Google+, saying "Fuck these guys", where "these" refers to the NSA and GCHQ.

I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces. Fuck You to the people who made these slides.

I am not American, I am a Brit, but it's no different - GCHQ turns out to be even worse than the NSA. We designed this system to keep criminals out.

These are their own opinions, not an official statement from Google. According to them, the NSA, in its efforts to protect freedom and democracy, has in short order wholly compromised freedom and democracy.

Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done – build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.

He also says "Thank you Edward Snowden. For me personally, this is the most interesting revelation all summer."

Google engineers over surveillance scandal: 'Fuck you NSA' - TheHackerNews
-
Microsoft has issued a temporary fix for a 0day vulnerability that can be exploited to install malware via infected Word documents. A zero-day remote code execution flaw, which has been dubbed CVE-2013-3906, exploits a vulnerability in a Microsoft graphics component to target Microsoft Office users running Windows Vista and Windows Server 2008.

"The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images," it said in the post. The vulnerability was reported to Microsoft by McAfee Labs senior security researcher Haifei Li.

A successful infection can give an attacker complete control over a system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Currently the company is only aware of targeted attacks, mostly in the Middle East and South Asia, with attackers sending unsuspecting victims crafted Word documents with a tainted attachment. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content.

According to Microsoft, the exploit combines multiple techniques to bypass exploit mitigation techniques such as ASLR (DEP) and address space layout randomization (ASLR).

The affected products are:

    Windows Vista x86, x64
    Windows Server 2008 x86, x64, Itanium, Server Core
    Microsoft Office 2003
    Microsoft Office 2007
    Microsoft Office 2010 x86, x64
    Microsoft Office Compatibility Pack
    Microsoft Lync 2010 x86, x64
    Microsoft Lync 2010 Attendee
    Microsoft Lync 2013 x86, x64

Windows 7 and 8 and Office 2013 and Office 365 are not affected.

Microsoft released a temporary 'Fix It' workaround that could block the attack by blocking rendering of the vulnerable TIFF graphic format by way of a registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 1

The Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.

CVE-2013-3906 : Zero Day Vulnerability in Microsoft Graphics Component - The Hacker News
-
https://v.cdn.vine.co/r/videos/5F532AFA31975165822215811072_100440b10b3.3.1_KfMCz1yWHj1VMpQIM0tpsUi8qDVAkxoHl1Wpcyfu534JDOuH21jAvJaoRFp72xpz.mp4?versionId=fX5PariLusbZh_8Aw9OkSIpzx9MiDllo
https://v.cdn.vine.co/r/videos/6B67B87136966921759196639232_1f95cb73a17.3_J2fezlaoxrhdecuYCfuU0qjjNvwHJ1xxU8uKlUYlcA2nFmPHo2wKQWhTfyhJUBiT.mp4?versionId=Pu2JyGLNwgcMhEBJ.qni4o47txJwXGtP
-
Busted.
-
Update: Acknowledgements - Nokia
-
http://www.youtube.com/watch?v=1Owd5e0PWtI
-
I edited it so that not everyone can see it anymore. I'll come back with a message when I've been added to the Thanks Page (Hall of Fame).
-
You might receive something else instead of money. Good luck. Yahoo! Bug Bounty